npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has made staged publishing generally available on npm, requiring maintainers to pass a 2FA challenge before a package version becomes publicly installable, alongside new install source flags.

GitHub has announced the general availability of staged publishing for npm, a security feature that mandates a human maintainer pass a two-factor authentication (2FA) challenge before a package version is pushed to the public registry. The update, detailed in a blog post on May 23, 2026, is designed to mitigate the risk of compromised accounts or automated CI/CD workflows pushing malicious code to millions of npm users. Alongside staged publishing, GitHub introduced new install source flags that give developers explicit control over which non-registry sources are allowed during package installation.
Staged publishing works by uploading a prebuilt tarball to a staging queue rather than making it immediately available. A maintainer must then explicitly approve the release after passing a 2FA challenge, ensuring what GitHub calls 'proof of presence' for every publish. This applies even to packages published via non-interactive CI/CD pipelines or trusted publishing with OpenID Connect (OIDC). To use the feature, maintainers must have publish access, the package must already exist on the registry, and 2FA must be enabled for their account. Developers can submit a package to staging using the command `npm stage publish` from the package root directory, requiring npm CLI version 11.15.0 or newer.
In addition to staged publishing, GitHub introduced three new install source flags: `--allow-file` for local file paths and tarballs, `--allow-remote` for remote URLs including HTTPS tarballs, and `--allow-directory` for local directories. These flags join the existing `--allow-git` flag, allowing developers to apply an explicit-allowlist approach to every non-registry install source. GitHub recommends pairing staged publishing with trusted publishing using OIDC for optimal protection.
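The allowlist approach behind these flags can be enforced before `npm install` ever runs. The Node script below is an added example (not npm's or GitHub's code): it classifies each dependency specifier in a `package.json` by install source, reports which `--allow-*` flags the manifest would need, and flags anything outside the team's permitted set. Its matching rules are a simplified approximation of npm's specifier parsing and it inspects only the top-level manifest; both are assumptions.

```javascript
// Added example (not npm's or GitHub's code): classify package.json dependency
// specifiers by install source so a CI job can tell which of npm's --allow-*
// flags a manifest needs and block sources not on the team's allowlist. The
// matching approximates npm's specifier parsing (assumption); top-level manifest only.

const FLAG_FOR = {
  file: '--allow-file',           // local tarball
  remote: '--allow-remote',       // http(s) URL, e.g. a hosted tarball
  directory: '--allow-directory', // local directory
  git: '--allow-git',             // git URL or hosted-git shorthand
};

function classifySpec(spec) {
  if (/^(git(\+[a-z]+)?|github|gitlab|bitbucket|gist):/.test(spec) || /\.git(#.*)?$/.test(spec)) return 'git';
  // bare "owner/repo" (optionally "#ref") is GitHub shorthand, not a version
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)) return 'git';
  if (/^https?:\/\//.test(spec)) return 'remote';
  const path = spec.startsWith('file:') ? spec.slice(5) : spec;
  if (path !== spec || /^(\.{1,2}\/|\/|~\/)/.test(path)) {
    return /\.(tgz|tar\.gz|tar)$/i.test(path) ? 'file' : 'directory';
  }
  return 'registry'; // semver range, dist-tag, or npm:alias@range
}

// Sorted list of --allow-* flags the manifest's dependencies would need.
function requiredFlags(manifest) {
  const flags = new Set();
  for (const field of ['dependencies', 'devDependencies']) {
    for (const spec of Object.values(manifest[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== 'registry') flags.add(FLAG_FOR[kind]);
    }
  }
  return [...flags].sort();
}

// Any flag needed beyond the permitted set is a violation to fail the build on.
function checkInstallPolicy(manifest, allowedFlags) {
  const violations = requiredFlags(manifest).filter((f) => !allowedFlags.includes(f));
  return { ok: violations.length === 0, violations };
}
// Constructed sample manifest (not a real project).
const SAMPLE = { dependencies: {
  express: '^4.19.0', 'my-alias': 'npm:lodash@^4.17.21',
  'shared-utils': 'file:../shared-utils',
  'vendored-sdk': 'file:./vendor/sdk-1.2.0.tgz',
  'left-pad-fork': 'https://example.invalid/left-pad-1.0.0.tgz',
  'internal-tool': 'git+ssh://git@example.invalid/team/tool.git#v2',
} };
console.log(checkInstallPolicy(SAMPLE, ['--allow-directory']));
```

Running it on the sample manifest, with only `--allow-directory` permitted, reports `--allow-file`, `--allow-git` and `--allow-remote` as violations, which is the signal a CI job would use to stop the install.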
The rollout comes amid a massive surge in software supply chain attacks targeting open-source ecosystems. One cybercriminal group, known as TeamPCP, has been poisoning popular packages at an unprecedented scale through a self-perpetuating cycle of compromises, as reported by The Hacker News. Recent incidents include the TanStack compromise via GitHub Actions, the Checkmarx Jenkins plugin backdoor, and the Megalodon campaign that pushed malicious commits to over 5,500 GitHub repositories in six hours.
These attacks have highlighted the vulnerability of CI/CD pipelines and the npm registry to automated credential theft and malicious code injection. By requiring explicit human approval for every publish, staged publishing aims to break the chain of automated attacks that exploit compromised tokens or CI/CD misconfigurations. The new install source flags further harden the supply chain by preventing accidental or malicious installations from untrusted sources.
The update affects millions of npm users and represents a significant security enhancement for the ecosystem. GitHub, a Microsoft-owned subsidiary, has been under pressure to improve npm security following a series of high-profile incidents. The company has also been working on other security features, such as trusted publishing with OIDC, to reduce reliance on long-lived tokens.
Industry experts have welcomed the move, noting that it addresses a critical gap in the npm security model. 'Staged publishing is a game-changer for supply chain security,' said a security researcher quoted in the article. 'It ensures that even if an attacker gains access to a maintainer's CI/CD pipeline, they cannot push malicious code without the maintainer's explicit approval.' The feature is now available to all npm users, and GitHub is encouraging maintainers to enable it as soon as possible.